Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will Security Firms Detect Police Spyware?

Posted by kdawson on from the who-do-you-trust dept.

cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."

9 of 269 comments (clear)

  1. note to self by timmarhy · · Score: 4, Informative
    "Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

    never buy anything from check point.

    --
    If you mod me down, I will become more powerful than you can imagine....
  2. TFA didn't ask about National Security Letters by schwaang · · Score: 4, Informative

    The question was "Have you ever received such a court order signed by a judge...".
    But if what they had received instead was a NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.

    That's only in Amerika of course.

    1. Re:TFA didn't ask about National Security Letters by cyberstealth1024 · · Score: 3, Informative

      For the rest of you Googlers: National Security Letter

    2. Re:TFA didn't ask about National Security Letters by schwaang · · Score: 4, Informative

      Totalitarian dictatorships absolutely would do this. But then, that's actually my point.

    3. Re:TFA didn't ask about National Security Letters by FailedTheTuringTest · · Score: 3, Informative

      It's an amusing story, but of course it is not true. First, the Official Secrets Acts (1911 and 1989) are law, and is enforceable whether the person in question has signed anything or not, just like any other law. "Signing the Official Secrets Act" (or more properly, signing a statement acknowledging that they understand the provisions of the Act) is simply a way of impressing people and reminding them that loose lips sink ships. Second, the Act doesn't say anything about signing it, and of course nothing about not telling people whether you've signed it. (Official Secrets Acts 1911 and 1989)

  3. Well, this isn't exactly new... by Penguinisto · · Score: 4, Informative
    Seriously - there's even a good reason why MSFT doesn't really want to talk about it.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  4. Re:Police spyware used by the dark side? by BUL2294 · · Score: 3, Informative

    I live in Chicago. Half the cops here are crooks, and the other half would never snitch on their crooked friends...

    So, yes, such white-listed malware is bound to get into the hands of crooks--especially if it's in the hands of cops.

    --
    Windows 3.1x calc: 3.11 - 3.10 = 0.00
  5. Re:Security by Jugalator · · Score: 5, Informative

    Decoded because tinfoiling or making a point this way is just plain annoying... :-p

    "Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."

    With Bush in office you can only expect more of the same.

    --
    Beware: In C++, your friends can see your privates!
  6. McAfee and Symantec dropped the ball by BillGatesLoveChild · · Score: 5, Informative

    Consider what happened with the SONY rootkit? Bruce Schneier (Cryptography and Security Expert) reported that Symantec and McAfee who both knew about the SONY rootkit did not add it to their signatures file. Apparently if SONY hacks your computer, that's fine with them! They only updated their files once SONY themselves had retracted the rootkit. http://www.schneier.com/blog/archives/2005/11/sony s_drm_rootk.html

    If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.

    Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky?